Major security flaw found in AT&T's upcoming Samsung Galaxy S II device. Guys at BGR noticed that the information on the upcoming AT&T version of the Samsung Galaxy S II isn't so safe behind a once trusted pattern lock, and that it can quite simply be bypassed.

All you have to do: wake the device using the lock key, let the screen time out, then wake it again with the lock key, and you can access all the data.

AT&T's version of the Samsung Galaxy S II is confirmed to have this security flaw, but the Sprint and other versions do not suffer from it. I even just checked my own Samsung Galaxy S II (Indian version): yeah, it's safe :)

Added IPv6 OS detection system! The new system utilizes many tests similar to IPv4, and also some IPv6-specific ones that we found to be particularly effective. And it uses a machine learning approach rather than the static classifier we use for IPv4. We hope to move some of the IPv6 innovations back to our IPv4 system if they work out well. The database is still very small, so please submit any fingerprints that Nmap gives you to the specified URL (as long as you are certain that you know what the target system is running). Usage and results output are basically the same as with IPv4, but we will soon document the internal mechanisms at http://nmap.org/book/osdetect.html, just as we have for IPv4. For an example, try "nmap -6 -O scanme.nmap.org". [David, Luis]

[NSE] Added 3 scripts, bringing the total to 246! You can learn more about them at http://nmap.org/nsedoc/. Here they are (authors listed in brackets):

Improved AIX support for raw scans. This includes some patches originally written by Peter O'Gorman and Florian Schmid. It also involved various build fixes found necessary on AIX 6.1 and 7.1. See http://nmap.org/book/inst-other-platforms.html. [David]

[NSE] Moved our brute force authentication cracking scripts (*-brute) from the "auth" category into a new "brute" category. Nmap's brute force capabilities have grown tremendously! You can see all 32 of them at http://nmap.org/nsedoc/categories/brute.html. It isn't clear whether dns-brute should be in the brute category, so for now it isn't. [Fyodor]

Made the interface gathering loop work on Linux when an interface index is more than two digits in /proc/sys/if_inet6. Joe McEachern tracked down the problem and provided the fix.

[NSE] Fixed a bug in dns.lua: ensure that dns.query() always returns two values (status, response) and replaced the workaround in asn-query.nse by the proper use. [Henri]

[NSE] Made irc-info.nse handle the case where the MOTD is missing. Patch by Sebastian Dragomir.

The website of one of the well-known virus removal services, laptopvirusrepair.co.uk, has been compromised, and the attacker is serving malware from it. In the screenshot above, Avira detects the JS/Blacole.psak JavaScript virus hosted on the site.

The snippet of code is located at the bottom of the index page:

It is an obfuscated iframe that redirects to a site that will deliver exploits: zdesestvareznezahodi.com/tds/go.php?sid=1. This site is listed in malwareblacklist. The detected virus is: Kaspersky: Trojan-Downloader.JS.Agent.geo and

A Russian security company has upgraded a phone-password cracking suite with the ability to figure out the master device password for Research in Motion's BlackBerry devices. Elcomsoft said that before it developed the product, it was believed that there was no way to figure out a device password on a BlackBerry smartphone or PlayBook tablet. BlackBerry smartphones are configured to wipe all data on the phone if a password is typed incorrectly 10 times in a row, the company said.

"ElcomSoft Phone Password Breaker" does exactly what it says, enabling its users to recover plain-text passwords governing encrypted backups for BlackBerry smartphones and PlayBook tablets. (The password-breaking tool also works on Apple devices running iOS, such as iPhones and iPads.) The new feature is wrapped into Elcomsoft's Phone Password Breaker. It costs £79 ($123) for the home edition and £199 for the full-featured suite, which can also recover plain text passwords used to access encrypted backup files for Apple's iPhone, iPad and iPod Touch devices. To crack those passwords, a user does need to have the Apple device in hand.

The backup files contain sensitive data including call logs, SMS archives, calendars, photos, email account settings, a person's Web browsing history and more. Elcomsoft reserves some of its password-cracking software strictly to vetted law enforcement, such as its iOS Forensic Toolkit, which can extract passwords and decrypt a device's file system.

Disable Social Networks From Tracking You with The Priv3 Firefox Extension

In an earlier post we informed our readers that "Facebook tracks your cookies even after logout". Did you know that social networking sites like Facebook, Google+, and Twitter can track your visits to any web page that uses the familiar "Like", "Follow", or "+1" buttons, even if you do not actually click these buttons? If you care about privacy, you have probably already installed privacy addons like Ghostery and Adblock Plus, but here’s a new addition to your privacy toolkit – Priv3.

Priv3 is different from addons like Ghostery. For example, Ghostery blocks social sharing buttons (+1, Like, Tweet buttons) and other social snippets (Facebook comments, Facebook connect) completely, so you may feel disconnected.

Priv3 protects your privacy by blocking trackers, but still shows social snippets like Facebook Comments, +1, like buttons so you don’t miss any content. Once you interact with the social snippet, it reloads the cookies and tracking starts again, so unless and until you interact with the snippet, the addon keeps blocking the trackers.

One thing which is very disappointing for me is that Priv3 is only available for Firefox, so all I can do is wait for a Chrome version of it. If you’re a Firefox user, check it out and also tell us what you think of it.

About 4.9 million patients treated in San Antonio area military treatment facilities since 1992 have been affected by a health information breach involving the theft of backup tapes for electronic health records, federal officials say. Some of the information included Social Security numbers, addresses, phone numbers and private health information for patients in 10 states.

A statement posted on the Defense Department's Tricare health system website said no credit card or bank account information was on the backup tapes. "There is no indication that the data has been accessed by unauthorized persons," the SAIC spokesman says. SAIC is working with the local police department, Defense Criminal Investigative Services and a private investigator to attempt to recover the tapes, the spokesman adds. TRICARE "does not have a policy" on encryption of backup tapes, a TRICARE spokesman says.

SAIC did not issue a news release about the data breach on its website. One corner of the SAIC home page, though, said an “Incident Response Call Center” had been created for Tricare patients. The firm's brief statement did not use the word breach, instead describing it as a “reported loss of back-up computer tapes containing personally identifiable and protected health information” for Tricare patients.

Juliano Rizzo and Thai Duong presented a new attack on Transport Layer Security (TLS) at the Ekoparty security conference in Buenos Aires, Argentina. The researchers found that the encryption that should protect us when we connect to some sites over HTTPS may be compromised. They say that their code, called BEAST (Browser Exploit Against SSL/TLS), proves to the world that any cryptographic protocol designed before TLS 1.1 is vulnerable and can be quite easily deciphered. The researchers will try to decrypt the authentication cookies used to log in to a PayPal account within 10 minutes, far faster than anyone expected. If they succeed, the faith of Internet users in one of the pillars of online safety will be fully dissipated. "BEAST is different from the many published attacks against HTTPS," said Duong. "While other attacks are focused on the authenticity property of SSL, BEAST attacks the privacy of the protocol. As far as we know, BEAST implements the first attack which actually decrypts HTTPS requests."

Cisco provides some solutions related to this attack on its blog. TLS versions 1.1 (RFC 4346) and 1.2 (RFC 5246) are not affected by this issue: in TLS version 1.1 the implicit Initialization Vector (IV) was replaced with an explicit IV. Datagram Transport Layer Security (DTLS) protocol versions 1.0 and 1.2 are also not affected (DTLS is defined in RFC 4347). But these versions of the protocols are supported by hardly any sites and not by some popular browsers, and therefore the most popular sites are currently vulnerable. Almost all Web servers at the moment use SSL 3.0 or TLS 1.0. Of all the browsers, only Opera, beginning with the tenth version, and Internet Explorer 8 on Windows 7 and above support TLS 1.2. Neither Mozilla Firefox nor Google Chrome currently supports TLS 1.1/1.2.

Another thing to highlight is that OpenSSL implemented a feature where they send an “empty TLS record” immediately before they send a message. This empty TLS record causes a change in the CBC state where people consider it to give the message “a new IV” that the attacker can’t predict. This feature in OpenSSL is disabled with the “SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS” option and it’s also included in the “SSL_OP_ALL” option. In OpenSSL versions 0.9.6d and later, the protocol-level mitigation is enabled by default, thus making it not vulnerable to the BEAST attack. For applications that use OpenSSL, this “empty-record” trick can be enabled as a workaround. For a more permanent solution, the adoption of TLS 1.1/1.2 is what’s needed.
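The IV handling described in the two paragraphs above can be modelled in a few lines. This is an added example, not code from Cisco, OpenSSL or the researchers: the Feistel cipher is a toy stand-in for AES, and the mode names and the `RecordLayer` class are made up for illustration. It checks whether an observer already knows the IV of the next data record before that record is written.

```python
import hashlib
import hmac
import os

BLOCK = 16  # CBC block size in bytes


def _round(key: bytes, i: int, half: bytes) -> bytes:
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:BLOCK // 2]


def toy_encrypt_block(key: bytes, block: bytes) -> bytes:
    """4-round Feistel permutation; a stand-in for AES, NOT secure."""
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in range(4):
        left, right = right, bytes(a ^ b for a, b in zip(left, _round(key, i, right)))
    return left + right


def cbc_encrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        prev = toy_encrypt_block(key, bytes(a ^ b for a, b in zip(data[i:i + BLOCK], prev)))
        out.append(prev)
    return b"".join(out)


class RecordLayer:
    """Hypothetical sender. Modes: 'tls10', 'tls10-empty-record', 'tls11-explicit-iv'."""

    def __init__(self, mode: str):
        self.mode = mode
        self.key, self.mac_key = os.urandom(16), os.urandom(20)
        self.seq = 0
        self.chain = os.urandom(BLOCK)  # initial IV, secret in real TLS 1.0
        self.wire = []                  # records as an on-path observer sees them
        self.last_data_iv = None        # IV used for the latest application record

    def _seal(self, plaintext: bytes, iv: bytes) -> bytes:
        # MAC-then-pad-then-encrypt, as in TLS CBC cipher suites.
        mac = hmac.new(self.mac_key, self.seq.to_bytes(8, "big") + plaintext,
                       hashlib.sha1).digest()
        self.seq += 1
        body = plaintext + mac
        pad = BLOCK - len(body) % BLOCK
        return cbc_encrypt(self.key, iv, body + bytes([pad - 1]) * pad)

    def write(self, plaintext: bytes) -> None:
        if self.mode == "tls11-explicit-iv":
            iv = os.urandom(BLOCK)      # fresh random IV sent with each record
            self.wire.append(iv + self._seal(plaintext, iv))
            self.last_data_iv = iv
            return
        if self.mode == "tls10-empty-record":
            # Zero-length record first: its ciphertext depends on the secret MAC,
            # so the chained IV for the real data is not known in advance.
            empty = self._seal(b"", self.chain)
            self.wire.append(empty)
            self.chain = empty[-BLOCK:]
        self.last_data_iv = self.chain  # implicit IV = previous ciphertext block
        record = self._seal(plaintext, self.chain)
        self.wire.append(record)
        self.chain = record[-BLOCK:]


def iv_predictable_before_write(mode: str) -> bool:
    """True if the last ciphertext block on the wire is the next data record's IV."""
    rl = RecordLayer(mode)
    rl.write(b"GET / HTTP/1.1\r\n")                  # constructed earlier traffic
    predicted = rl.wire[-1][-BLOCK:]                 # what the observer can read
    rl.write(b"Cookie: session=constructed-value")   # constructed secret-bearing record
    return predicted == rl.last_data_iv


if __name__ == "__main__":
    for m in ("tls10", "tls10-empty-record", "tls11-explicit-iv"):
        print(m, "IV known in advance:", iv_predictable_before_write(m))
```

Only the plain TLS 1.0 mode reports a predictable IV; the empty record and the explicit IV both remove that property, which is why the former works as a stopgap and the latter as the permanent fix.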

Nickm from the Tor Project does a good job introducing the basics on his blog for people who don’t know all the technical details about the TLS protocols and CBC.

JonDos publishes a new version of the JonDo-Software, an IP changer and IP anonymization program, that you can use for anonymous surfing in the Internet with high security anonymous proxy servers.

What is JonDo?
JonDo is an open source and free-of-charge program for Windows, Linux and MacOS X. It hides the user's IP address behind an anonymous IP address. In contrast to other anonymizers (VPNs, anonymous proxy servers), the user's anonymity stays protected even against the providers (operators) of the anonymous IP address.

What is new?
Statistics and support requests about the usage of JonDo suggest that several users of older versions do not use the software correctly, and may thereby surf the net unsecured. The current version warns the user in such a case and launches an assistant for fixing the problem if necessary. Of course, users may also consult the extensive online help for this purpose, use the forum or the e-mail support, or ask other users in the support chat. In any case, it is recommended to visit the IP Check in order to test one's own configuration for weaknesses.

Moreover, several minor bugs and stability problems have been resolved, and the program's usability has been enhanced further. Because of a change to new server protocols within the next four weeks, older versions of JonDo will soon be unusable. Also for this reason, users of earlier versions should update immediately, if possible.

An Atlanta man could receive up to five years in prison after pleading guilty Wednesday to hacking into a former employer’s patient database, stealing information and then wiping the database clean. Federal prosecutors said Eric McNeal, 37, used the patient information from a firm identified as “A.P.A.” for a direct marketing campaign at his new employer in the same building. McNeal was an information technology specialist for the perinatal medical practice in Atlanta in November 2009 when he left to join the competing perinatal practice.

McNeal used his home computer to hack into his former employer in April 2010, prosecutors said in a release. He downloaded patients’ names, addresses and telephone numbers and then cleared his former employer’s database, deleting all patient information from its system, prosecutors said. While he used the information for a direct-mail marketing campaign for the benefit of his new employer, there was no evidence McNeal misused the personal information he obtained, prosecutors said.

SecurityTube released their first fully online certification today: "SecurityTube Wi-Fi Security Expert" (SWSE). The most interesting thing, and the key difference from other certifications, is that they are giving out the entire course material free of charge! You only pay if you need the certification. If you are a hobbyist or a casual security enthusiast, the course material is free for you :)

For an introductory price of $200 till October 15th, 2011 (only limited seats), they are providing all of the following:
- Lifetime access to the Students Portal
- Lifetime access to Bi-Monthly Webinars with Full Course Coverage and Live Doubt Clearing sessions
- Lifetime access to Q&A forums
- PDF copy of Slides, Cheat Sheets and 12+ hours of HD Videos
- Lifetime access to all future course updates
- Mock exams 2 weeks before the certification exam
- Final Certification exam

In our opinion, this seems like a great new direction in security training! Letting people see your full course content upfront and then allowing them to choose if they want to take your certification is as honest as it can get.

Firefox developers searching for a way to protect users against a new attack that decrypts sensitive web traffic are seriously considering an update that stops the open-source browser from working with Oracle's Java software framework.

He went on to say that Firefox already has a mechanism for “soft-blocking” Java that allows users to re-enable the plugin from the browser's addons manager or in response to a dialogue box that appears in certain cases. “Click to play or domain-specific whitelisting will provide some measure of benefit, but I suspect that enough users will whitelist, e.g., facebook that even with those mechanisms (which don't currently exist!) in place, we'd have a lot of users potentially exposed to java weaknesses.”

In order to protect users from an attack that decrypts sensitive web traffic, Firefox developers are looking at an update that stops the browser from working with Oracle's Java. The move would stop Firefox from working with a number of very popular websites. The team is only holding off because of how much such a ban would hurt user experience. The Browser Exploit Against SSL/TLS has earned its BEAST acronym. By injecting JavaScript into an SSL session, it can recover secret information that’s transmitted to a predictable data-stream location. Researchers Thai Duong and Juliano Rizzo were able to use BEAST to get an encrypted authentication cookie used to access a PayPal account in less than two minutes.

The researchers settled on a Java applet as their means to bypass SOP, leading Firefox developers to discuss blocking the framework in a future version of the browser.

The prospect of Firefox no longer working with Java could cause a variety of serious problems for users, particularly those in large corporations and government organizations that rely on the framework to make their browsers work with virtual private networks and intranet tools.

The official website of Pakistan's Supreme Court has been hacked. Visitors to the website found derogatory and abusive remarks about the court and Chief Justice Iftikhar Muhammad Chaudhry.

Earlier, in September last year, the Supreme Court website was also hacked by two boys, to whom the court granted bail on April 11 as they were less than 18 years of age.

The hacker declared that his intent in defacing the site was ideological in nature, to send a message to the Chief Justice of Pakistan, Iftikhar Muhammad Chaudhry: “I am here to request you to go out and help the poor, needy and hungry. They don’t have money to eat one-time meal, they don’t have clothes to wear, and they don’t have accommodation … sitting in your royal chair won’t make any changes to our Pakistan.”

According to the press release and independent website Zone-H, Zombie_Ksa had carried out at least 169 defacements, of which 69 were single IP and 100 mass defacements. According to Zone-H.org, he has defaced the websites of the National Response Centre for Cyber Crimes (NR3C), National Productivity Organisation (NPO), Pakistan Computer Bureau (PCB), Press Information Department (PID) as well as other government and private websites. The NR3C wing of the Federal Investigation Agency (FIA) had at the time nabbed five members of PAKBugs from across Pakistan, while Zombie_Ksa was believed to be at large in Riyadh, Saudi Arabia. It is only the index file that has been replaced with the hacker’s message.

The Vulnerability Assessment Team (VAT) at the U.S. Dept. of Energy's Argonne National Laboratory in Illinois has managed to hack a Diebold Accuvote touch-screen voting machine. Voting machines used by as many as a quarter of American voters heading to the polls in 2012 can be hacked with just $10.50 in parts and an 8th grade science education, according to computer science.

"This is a national security issue," VAT team leader Roger Johnston told me, echoing what I've been reporting other computer scientists and security experts telling me for years. "It should really be handled by the Department of Homeland Security." "The level of sophistication it took to develop the circuit board" used in the attack "was that of basically an 8th grade science shop," says Argonne's John Warner. "Anybody with an electronics workbench could put this together."

The Argonne team's demonstration of the attack on a Diebold Accuvote machine is seen in a short new video shared exclusively with the Brad Blog. The team successfully demonstrated a similar attack on a touch-screen system made by Sequoia Voting Systems in 2009.

"The cost of the attack that you're going to see was $10.50 in retail quantities," explains Warner in the video. "If you want to use the RF [radio frequency] remote control to stop and start the attacks, that's another $15. So the total cost would be $26."

The Cyber Security Evaluation Tool (CSET) is a Department of Homeland Security (DHS) product that assists organizations in protecting their key national cyber assets. It was developed under the direction of the DHS National Cyber Security Division (NCSD) by cybersecurity experts and with assistance from the National Institute of Standards and Technology. This tool provides users with a systematic and repeatable approach for assessing the security posture of their cyber systems and networks. It includes both high-level and detailed questions related to all industrial control and IT systems. The tool is available for download, and the program also offers training and support at no cost to organizations engaged in administering networks that control facilities identified as being crucial to both the nation's economy and national security.

CSET is a desktop software tool that guides users through a step-by-step process to assess their control system and information technology network security practices against recognized industry standards. The output from CSET is a prioritized list of recommendations for improving the cybersecurity posture of the organization's enterprise and industrial control cyber systems. The tool derives the recommendations from a database of cybersecurity standards, guidelines, and practices. Each recommendation is linked to a set of actions that can be applied to enhance cybersecurity controls.

CSET has been designed for easy installation and use on a stand-alone laptop or workstation. It incorporates a variety of available standards from organizations such as National Institute of Standards and Technology (NIST), North American Electric Reliability Corporation (NERC), International Organization for Standardization (ISO), U.S. Department of Defense (DoD), and others. When the tool user selects one or more of the standards, CSET will open a set of questions to be answered. The answers to these questions will be compared against a selected security assurance level, and a detailed report will be generated to show areas for potential improvement. CSET provides an excellent means to perform a self-assessment of the security posture of your control system environment.

Key Benefits

- CSET contributes to an organization's risk management and decision-making process
- Raises awareness and facilitates discussion on cybersecurity within the organization
- Highlights vulnerabilities in the organization's systems and provides recommendations on ways to address the vulnerability
- Identifies areas of strength and best practices being followed in the organization
- Provides a method to systematically compare and monitor improvement in the cyber systems

Anonymous Austria posted, via its official Twitter account, about 25,000 records of Austrian police officers. Observers suspect that the data could come from the Austrian section of the "International Police Association". Meanwhile, the far-right Freedom Party is trying to take advantage of the data leak. "Through this violation of privacy, our policemen have become fair game for possible revenge attacks by criminals. Minister Mikl-Leitner bears the political responsibility for this incredible gap in the IT system of her ministry and is increasingly becoming a security risk for our country," criticizes FPÖ spokesman Königsberg.

The Anonymous activist collective today released personal information about a New York police officer who is believed to have sprayed pepper spray on women protesters on Wall Street. The group released the phone number, addresses, names of relatives and other personal data for a New York police officer, as well as photos that appear to show him at the protest and a closeup of his badge. The Occupy Wall Street organizers also called for the resignation of Police Commissioner Raymond Kelly and released additional video from the incident on the protest Web site.

In a statement, Anonymous said:
"As we watched your officers kettle innocent women, we observed you barberically (sic) pepper spray wildly into the group of kettled women. We were shocked and disgusted by your behavior. You know who the innocent women were, now they will have the chance to know who you are. Before you commit atrocities against innocent people, think twice. WE ARE WATCHING!!! Expect Us!"

iScanner is a free open source tool that lets you detect and remove malicious code and web page malware from your website easily and automatically. iScanner will not only show you the infected files on your server, it is also able to clean these files by removing ONLY the malware code from the infected files.

findmyhash is a Python script which has been developed to find different types of password hashes using multiple cracking online services. In case that it does not find a favourable “cracked” hash, it will also present you with relevant Google search results.

This open source script can mostly serve as a starting point for cracking any hash. It supports a great many online hash cracking services. Cracking services supported by findmyhash:

Chances are, if this script does not find your hash, it might be unique and you will have to crack it! As of now, it supports the following nine hashing algorithms:

- MD4
- MD5
- SHA1
- SHA256
- RMD160
- MYSQL
- CISCO7
- LM
- NTLM

This script has been duly tested with MD5, LM and NTLM hashes because they are the most common ones.

75 Indian Govt and University Sites hacked including Patiala Police by Muslim Liberation Army

Muslim Liberation Army hackers today hacked 75 more Indian websites, including government, university and police websites. The Patiala Police website is one of the hackers' targets. According to the deface page, the hackers are: XtReMiSt, KillerMind Haxor, Jerry Hassan, Mindy, Faisy Ali Laghari.

Syrian hackers have hit the website of Harvard University, one of America’s top universities, Itar-tass reports. Along with a picture of Syrian president, Bashar al-Assad, the hacked home page showed a message saying the "Syrian Electronic Army Were Here".

"The university's homepage was compromised by an outside party this morning. We took down the site for several hours in order to restore it. The attack appears to have been the work of a sophisticated individual or group," said a Harvard spokesman. They also criticized US policy towards President Assad`s regime and wrote several threats to the US. The new design stayed on the website for nearly an hour.

MySQL.com website is currently hacked and compromised with a JavaScript malware (and serving malware to anyone visiting it). The mysql.com website is injected with a script that generates an iFrame that redirects the visitors to http://truruhfhqnviaosdpruejeslsuy.cx.cc/main.php, where the BlackHole exploit pack is hosted.

"It exploits the visitor's browsing platform (the browser, the browser plugins like Adobe Flash, Adobe PDF, etc, Java, ...), and upon successful exploitation, permanently installs a piece of malware into the visitor's machine, without the visitor's knowledge," say the researchers. "The visitor doesn't need to click or agree to anything; simply visiting mysql.com with a vulnerable browsing platform will result in an infection."

It is, of course, impossible to say who the attackers are. The domain reached through the iFrame is registered to one Christopher J Klein from Miami and is located in Berlin, Germany. The domain serving the exploit and the malware is located in Stockholm, Sweden. The administrators of the mysql.com domain are being contacted, but the site is still up and compromised, say the researchers.

A group calling itself “The Script Kiddies” hacked USA Today’s Twitter account this weekend and used it to solicit requests for future targets and even to promote its own Facebook page. Although this recent hack seems like more of a childish prank, this group is being taken seriously by the FBI due to its earlier hacks involving false terrorism claims posted to NBC’s Twitter account.

USA Today quickly regained control of the compromised feed. "@usatoday was hacked and as a result false tweets were sent. We worked with Twitter to correct it. The account is now back in our control," it said. "We apologize for any inconvenience or confusion caused to our readers and thank you for reading @usatoday."

It’s possible that the new USA Today hack involved a spyware Trojan horse, like the earlier NBC hack did. For the NBC hack, NBC News’s director of social media Ryan Osborn could have received a Trojan horse containing a keylogger via email, which then captured passwords as they were typed into his computer.

The Facebook page allegedly operated by the Script Kiddies is still live, but their @script_kiddiez_ Twitter feed has been suspended.

Special for all The Hacker News subscribers (Offer ends Sep 30, 2011)
Attend EC-Council's signature event in Miami - Hacker Halted USA - and Get an iPad 2 + 2 nights hotel + an additional 10% discount, when signing up for the conference pass at public prevailing rates, or for selected training. Held at the Intercontinental Miami from Oct 21 - 27, Hacker Halted USA will feature some of the best infosec superstars including Bruce Schneier (Internationally acclaimed security guru), Philippe Courtot (Chairman - Qualys), Jeremiah Grossman (CTO - WhiteHat Security), George Kurtz (Global CTO - McAfee), Dr. Charlie Miller (Accuvant), Moxie Marlinspike, Barnaby Jack and many others. There are a total of more than 70 speakers this year, and a very comprehensive agenda covering the major hot topics surrounding information security across 4 dedicated tracks. There is also a wide selection of training to choose from. To find out more about this not to be missed event, please visit: www.hackerhalted.com/2011

To register for the event and enjoy the promotion, please follow the below instructions:

Please note that this special offer will not be valid with any other discounts or promotions. For more information about this special offer, please email leonard@eccouncil.org. Note: Offer ends Sep 30, 2011

According to Australian technologist Nik Cubrilovic: 'Logging out of Facebook is not enough.' He added that even after you are logged out, Facebook is able to track your browser's page every time you visit a website. He wrote in his blog: 'With my browser logged out of Facebook, whenever I visit any page with a Facebook like button, or share button, or any other widget, the information, including my account ID, is still being sent to Facebook.'

After explaining the cookies behavior he also suggested a way to fix the tracking problem: 'The only solution to Facebook not knowing who you are is to delete all Facebook cookies.'

Official websites of 7 major Syrian cities hacked by Anonymous for #OpSyria

The official websites of 7 major Syrian cities were hacked by Anonymous hackers as part of the hacktivists' Operation Syria (#OpSyria). Anonymous has replaced the home pages of official Syrian websites with an interactive map of Syria, showing the names, ages and dates of death of victims of the Syrian regime since the protests started in March. They call it Martyrs of Freedom (March - October 2011). The figure 2,316 commemorates the number of Syrians killed by the Syrian regime since anti-Assad protests started in Syria in March. The victims' names, ages and dates of death appear as you hover over the map of Syria.

Ani-Shell is a simple PHP shell with some unique features like a Mass Mailer, a simple Web-Server Fuzzer, a DDoSer, an MD5 hash cracker, Python and PHP bind shells, anti-crawler features, etc. This shell has immense capabilities and has been written with some coding standards in mind for better editing and customization! New Features :-

700,000 sites on Inmotion Hosting Server hacked by TiGER-M@TE in one shot !

700,000 websites hosted on the InMotion Hosting network were hacked by TiGER-M@TE, including Trinity FM and Blast Magazine. It was not just a server hack, actually the whole data center got hacked. Hackers copied over the index.php in many directories (public_html, wp-admin), deleted my images directory and added index.php files where they weren’t needed. A mirror of 200,000 hacked websites has already been submitted to Zone-H by TiGER-M@TE. We (The Hacker News) talked with the hacker about the hack. He claims: "I hacked 700000 websites in one shot, this may be a new world record. After submitting 200,000 domains, Zone-H was going down again and again and became almost unresponsive in the end, so I was unable to submit all websites, so I've listed all domains in the attachment. It was not just a server hack, actually the whole data center got hacked."

InMotion acknowledged the breach as follows: "Dear Customer, At around 4am EST, our system administration team identified a website defacement attack affecting a large number of customers. We are still investigating, but it appears that files named index.php have been defaced. If you have a backup of your site, you may upload your index.php files to correct this. You may need to do this for each directory. If your site uses an index.html or index.htm, you will need to upload those files, then delete the index.php." Later update by InMotion: "Systems has been successful in restoring a portion of the affected sites. They are refining their repair method now and should be able to begin deploying the update to additional sites shortly. Please bear with us for another 1 hour when we feel we will have more information to share."

TiGER-M@TE is the same hacker who successfully deface Google Bangladesh website. We interviewed TiGER-M@TE, who claimed to be hacking since 2007, working alone, and only using private exploits and zero-day attacks.

The hack saw the homepage replaced by the words “Server HackeD by TIGER-M@TE” alongside the hash tag “#Bangladeshi HackeR” and the text “Greetz: aBu.HaLiL501; w7sh.Syria; Sy-Hacker; NmR.Hacker; Wa7sh Hacker; h311 c0d3”. This was accompanied by an email address along with a banner reading “Underground Hackers 2007-2011”.

There's another Mac OS X Trojan out in the wild, and it might be heading your way. If you open the file, which could appear as an emailed attachment or as a Web link, the document, written in traditional Chinese ideograms, does indeed display. But a Trojan silently installs itself in the background as you try to sort out centuries-old territorial claims. The Trojan doesn't really do anything yet. But F-Secure, the Finnish security firm that discovered it, notes that it lays the groundwork for much more sophisticated attacks against Macs.

The malware in question has been identified as Trojan-Dropper:OSX/Revir.A, which installs a backdoor, Backdoor:OSX/Imuler.A, onto the user's Mac. Currently, however, the backdoor doesn't communicate with anything. The command-and-control center for this particular malware is apparently a bare Apache installation, which has been sitting at its current domain since May of this year. Because of this, users who might fall victim to this attack aren't likely to see many ill effects for the time being, but that could change if the files end up spreading to a wider audience.

Usually, backdoors are employed to communicate with a remote command-and-control (C&C) server, which is capable of instructing the payload to siphon off data from the infected computer back to the attackers. However, F-Secure found that the C&C server is a bare Apache installation, not yet capable of communicating with the backdoor.

Singapore has said it will boost its national capability to counter cyber security threats through the setting up of a 'National Cyber Security Centre' in the coming months. The Centre, which will be headed by the Singapore Infocomm Technology Security Authority, will help the government deal more effectively with cyber security threats and vulnerabilities by enhancing capabilities in early detection and prevention, Deputy Prime Minister Teo Chee Hean said.

In his address at the Second Singapore Global Dialogue here yesterday, Teo, who is also coordinating minister for national security and home affairs minister, said a safe and functioning cyberspace was critical to "our society, economy and national security."

The FBI believes that the homeless man they arrested on Thursday was "Commander X", a member of the People's Liberation Front (PLF) associated with Anonymous hacktivism.

The logs maintained by HideMyAss.com, in addition to other evidence, have led to the arrest of another LulzSec member in Arizona, The Tech Herald has learned. Cody Kretsinger, 23, allegedly used the anonymity service during his role in the attack on Sony Pictures.

According to HideMyAss.com, “…services such as ours do not exist to hide people from illegal activity. We will cooperate with law enforcement agencies if it has become evident that your account has been used for illegal activities.” The service stores logs for 30 days when it comes to Website proxy services, and it stores the connecting IP address, as well as time stamps, for those using the VPN offerings. Emails seeking comment on HideMyAss.com’s level of cooperation with the FBI, as well as to confirm what information was made available, were not returned.

According to a CBS News report, "Commander X" told their reporter that he had no fear about being caught: "We're not going to turn ourselves in. They can come and get us is what I say. Bring it on. Until then, we run... We will remain free and at liberty and at large for as long as we can, and when the time comes that each and every one of us eventually will be brought to justice, we will hold our head high in any court of law and we will defend our actions."

He faces a maximum sentence of 15 years in prison if convicted. Government prosecutors want him moved to Los Angeles, where Sony Pictures' computer system is located and where the case against him has been filed.

The secure sockets layer (SSL) and transport layer security (TLS) encryption protocols, used by millions of websites to secure Web communications via HTTPS, are vulnerable to being decrypted by attackers.

Researchers have discovered a serious weakness in virtually all websites protected by the secure sockets layer protocol that allows attackers to silently decrypt data that's passing between a webserver and an end-user browser.

Juliano Rizzo and Thai Duong say the vulnerability compromises TLS (Transport Layer Security) 1.0, the encryption mechanism that secures Web sites accessed using HTTPS (Secure Hypertext Transfer Protocol). TLS is the successor to SSL (Secure Sockets Layer) and is widely used at financial sites. Companies, including Google, Facebook, and Twitter, are urging the wider use of TLS on the Web.

The exploit – demonstrated with a tool called BEAST – targets a flaw that could leave transactions open to attack and is being taken seriously by online payments firms. “We have got a team of security people and it is always working on updates and upgrades and they are looking into this already,” a PayPal spokesperson told PC Pro. “The details are still to be revealed, but the security people are trying to get a headstart on making sure this is kept secure.”

BEAST requires attackers to gain a man-in-the-middle position. Most of the time this means that they need to be on the same network as their targets so they can intercept browser requests. BEAST has two components. One contains code that must be loaded into the victim's web browser and the second one captures and decrypts HTTPS session cookies. The researchers claim that they can decrypt any secure session cookie in five minutes on average.

A multi-threaded TCP port scanner with the ability to scan all 65535 TCP ports on an IP address. You can specify how many threads to run and the timeout. Furthermore, it will tell you the MAC address of the target and the service running. For Linux and Windows. Change log:

Core Security Technologies has itself become the latest victim of a hack, by the hacker sncope. The hacker defaced the websites; a mirror of the hack can be seen here. Core Security offers the first and only real-world approach to security testing and measurement, but what if they got hacked? That is really terrific sometimes... More domains of Core Security hacked by him:

Search warrants were also being executed in New Jersey, Minnesota and Montana. The FBI arrested two alleged members of the hacking collectives LulzSec and Anonymous on Thursday morning in San Francisco and Phoenix, according to Fox News. The suspected hacker arrested in California is homeless and alleged to have been involved in the hacking of Santa Cruz County government websites.

The person arrested in Arizona is a student at a technical university and allegedly participated in the widely publicized hack against Sony. Both groups have been targeted by the FBI and international law enforcement agencies in recent months.

Meanwhile, the FBI arrested an alleged Anonymous member in San Francisco. The man, who is reported to be homeless, is said to have been involved in internet attacks against Santa Cruz County government websites. Just because a man is homeless, of course, doesn't mean that he can't get an internet connection. Coffee houses, cafes, libraries, etc. can all offer cheap or free internet access - and because the computer being used can be a shared device, it may be harder to identify who might have been responsible for an attack compared to a PC at a home.

The arrests shouldn't surprise anyone. They made two errors:

Mistake #1: They brought too much attention to themselves.
It is said that John Gotti, the mafia boss, brought so much attention to himself that he became a natural, high-profile target for law enforcement. As Amichai Shulman, our CTO, stated before, the Lulzsec hackers "were extremely unfocused in their goal and gained attention mainly due to the relative intensity of their activity and lack of other good media topics." They brought too much attention to themselves and you could expect law enforcement to find them. If you look at hacking historically, over the past 20 years many of the high-profile attacks or those that involve serious losses to governments or commercial companies have ended up with law enforcement finding the perpetrators eventually, such as Albert Gonzalez.

Mistake #2: They didn't cover up their tracks.
Let's review some of the Lulzsec chat logs from a few months ago. One snippet, in reference to discussions Lulzsec was having with the media, shows how the hackers themselves admit they gave away too much information:

Topiary - Sabu and I got a bit carried away and gave LulzSec away a bit

As Imperva's Tal Be'ery said in this USA Today article, "When you're running this kind of operation for a long time, especially with not very concrete plans, you're bound to make mistakes." The mistakes Lulzsec and Anonymous made during their hacking spree left an electronic trail with enough footprints to produce today's arrests.

Ready for a little game of capture the flag? What if you weren't running around a field like a crazy person trying to grab a flag out of someone’s belt, but instead were navigating around a network overcoming technical challenges to find markers that you are awarded points for once submitted? Then CSAW CTF 2011 is where it’s at.

CSAW CTF 2011 is hosting the qualifying round from Friday September 23, 2011 to Sunday September 25, 2011. The competition will begin at 8 PM that Friday night, and is used to determine who will proceed on to the finals taking place in New York November 10-11 at NYU-Poly. The event is centered on assessing application security abilities. For the qualification round there is no limit to the number of team members you can have, but if you move on to the final round your team will be limited to four players.

If you attend the event you’ll have the chance to rub elbows with anyone and everyone interested in cyber security; the CSAW website describes it as, “the best of the best, from high school students to PhD candidates, will be found at CSAW, engaged in a fierce, two-day event guaranteed to thrill”.

And if that’s not enough to pique your interest, now would be a good time to mention that Kaspersky Lab is joining forces with NYU-Poly and presenting their “IT Security for the Next Generation” Convention at CSAW. But nothing comes without a little elbow grease. Prospective attendees have to turn in research on “cyber security” by October 10, 2011. If picked, they will then have to present their research. The kicker? If you win you will be invited to attend the 2012 Kaspersky International Cup of the IT Security Conference for Young Professionals. Oh and it’s in Europe. And there are cash prizes for 1st, 2nd and 3rd place. No big deal, right?

"By partnering with NYU-Poly, we're able to tap into the minds of the young researchers of tomorrow and foster communication and collaboration with the experts of today. We've had great international success and are excited for Kaspersky Lab to bring this program to North America's brightest academia," Eugene Kaspersky, co-founder and CEO of Kaspersky Lab, said in regards to the upcoming event.

So if you’re ready to mix and mingle and talk all things cyber security, plus have a little fun and potentially win a little money and free entry to the 2012 conference, well, this is the convention for you.

Author Bio:

This is a guest post from Laura Backes. She enjoys writing about all kinds of subjects and also topics related to internet providers in my area. You can reach her at: laurabackes8 @ gmail.com.

The Lilith tool analyses webpages and looks for HTML tags, which often refer to dynamic pages that might be subject to SQL injection or other flaws. Lilith's basic function is to spider and analyse pages, following hyperlinks and injecting special characters that have a special meaning to any underlying platform. As most of us know, a web application scanner can never perform a full 100% correct audit. A manual re-check eliminates most of the false positives.

· Written by Vivek Ramachandran, world-renowned security researcher and evangelist, and discoverer of the wireless “Caffe Latte Attack”

How To Win
Sound like something you might be interested in? All you need to do is head on over to the book page, look through the product description, and drop a line via the comments below to let us know what interests you the most about the book. Winners from the U.S. and Europe can either choose a physical copy of the book or the eBook. Users from other locales are limited to the eBook only.

The contest will close on October 1st 11:59 p.m. PT. Winners will be contacted by email, so be sure to use your real email address when you comment!